From 2eae5121d1535e56927211053b3156413bfc6224 Mon Sep 17 00:00:00 2001
From: Caleb Hailey
Date: Fri, 4 Mar 2022 22:07:51 -0800
Subject: [PATCH] initial implementation
---
.../sensu/entity-manager/CHANGELOG.md | 14 ++
integrations/sensu/entity-manager/README.md | 120 ++++++++++++++++++
integrations/sensu/entity-manager/logo.png | Bin 0 -> 1517 bytes
.../entity-manager/sensu-integration.yaml | 58 +++++++++
.../sensu/entity-manager/sensu-resources.yaml | 117 +++++++++++++++++
5 files changed, 309 insertions(+)
create mode 100644 integrations/sensu/entity-manager/CHANGELOG.md
create mode 100644 integrations/sensu/entity-manager/README.md
create mode 100644 integrations/sensu/entity-manager/logo.png
create mode 100644 integrations/sensu/entity-manager/sensu-integration.yaml
create mode 100644 integrations/sensu/entity-manager/sensu-resources.yaml
diff --git a/integrations/sensu/entity-manager/CHANGELOG.md b/integrations/sensu/entity-manager/CHANGELOG.md
new file mode 100644
index 00000000..cf190dbc
--- /dev/null
+++ b/integrations/sensu/entity-manager/CHANGELOG.md
@@ -0,0 +1,14 @@
+# Changelog
+
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog][changelog] and this project adheres
+to [Semantic Versioning][semver].
+
+## Unreleased
+
+- Initial implementation
+
+
+[changelog]: http://keepachangelog.com/en/1.0.0/
+[semver]: http://semver.org/spec/v2.0.0.html
diff --git a/integrations/sensu/entity-manager/README.md b/integrations/sensu/entity-manager/README.md
new file mode 100644
index 00000000..00f63348
--- /dev/null
+++ b/integrations/sensu/entity-manager/README.md
@@ -0,0 +1,120 @@ +## Overview + + + +The Sensu Entity Manager integration provides automated management of agent subscriptions, labels, and annotations. + +The Sensu Entity Manager works with any check or event producer that generates one instruction per line of `event.check.output` in any of the following formats: + +* **Subscriptions** + + One subscription per line. + + ``` + system/linux + postgres + ``` + +* **Labels & Annotations** + + One key=value pair per line. + + ``` + region=us-west-1 + app_id=1234 + ``` + +* **Mix of subscriptions, labels, and annotations** + + One command per line. + + ``` + add-subscription system/linux + add-subscription postgres + add-label region=us-west-1 + add-annotation application_id=1234 + ``` + +For more information, please visit the [sensu/sensu-entity-manager][sensu-entity-manager-github] project on GitHub. + +## Dashboards + + + +There are no compatible dashboards for this integration. + +## Setup + + + + +1. **Create an API Key for use with this integration, optionally including a dedicated "service account" user.** + + Create an "entity-manager" service account (i.e. [role], [role-binding], and [user]): + + ``` + sensuctl role create entity-manager --verb=update --resource entities + sensuctl role-binding create entity-manager --role=entity-manager --user=entity-manager + sensuctl user create entity-manager --password $(openssl rand -hex 16) + sensuctl api-key grant entity-manager + ``` + + _NOTE: "service account users should be used for automation purposes only, with api-keys for authentication. + Generating and discarding a random password (e.g. `openssl rand -hex 16` or `uuid -v4`) is appropriate in this context._ + + The `sensuctl api-key grant` command should produce a response containing a 36-character UUID v4 formatted string: + + ``` + Created: /api/core/v2/apikeys/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx + ``` + + Copy the `xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx` portion of the output. 
+ + If you are unable to generate a `role`, `role-binding`, `user`, and/or `api-key`, please contact your Sensu administrator. + +## Plugins + + + +- [sensu/sensu-entity-manager][sensu-entity-manager-bonsai] ([GitHub][sensu-entity-manager-github]) + +## Metrics & Events + + + +This integration does not produce any [metrics]. + +## Alerts + + + + + +This integration does not produce any events that should be processed by an alert or incident management [pipeline]. + +## Reference Documentation + + + +1. [Role-Based Access Controls (RBAC) for Sensu Go][rbac] +1. [Sensu Subscriptions][subscriptions] + + +[check]: https://docs.sensu.io/sensu-go/latest/observability-pipeline/observe-schedule/checks/ +[asset]: https://docs.sensu.io/sensu-go/latest/plugins/assets/ +[subscription]: https://docs.sensu.io/sensu-go/latest/observability-pipeline/observe-schedule/subscriptions/ +[subscriptions]: https://docs.sensu.io/sensu-go/latest/observability-pipeline/observe-schedule/subscriptions/ +[agents]: https://docs.sensu.io/sensu-go/latest/observability-pipeline/observe-schedule/agent/ +[annotation]: https://docs.sensu.io/sensu-go/latest/observability-pipeline/observe-schedule/agent/#general-configuration-flags +[plugins]: https://docs.sensu.io/sensu-go/latest/plugins/ +[metrics]: https://docs.sensu.io/sensu-go/latest/observability-pipeline/observe-schedule/metrics/ +[pipeline]: https://docs.sensu.io/sensu-go/latest/observability-pipeline/observe-process/pipelines/ +[handler]: https://docs.sensu.io/sensu-go/latest/observability-pipeline/observe-process/handlers/ +[secret]: https://docs.sensu.io/sensu-go/latest/operations/manage-secrets/secrets/ +[secrets]: https://docs.sensu.io/sensu-go/latest/operations/manage-secrets/secrets/ +[tokens]: https://docs.sensu.io/sensu-go/latest/observability-pipeline/observe-schedule/tokens/ +[handler-templating]: https://docs.sensu.io/sensu-go/latest/observability-pipeline/observe-process/handler-templates/ +[sensu-plus]: 
https://sensu.io/features/analytics +[sensu-entity-manager-bonsai]: https://bonsai.sensu.io/assets/sensu/sensu-entity-manager +[sensu-entity-manager-github]: https://github.com/sensu/sensu-entity-manager +[rbac]: https://docs.sensu.io/sensu-go/latest/operations/control-access/rbac/ \ No newline at end of file diff --git a/integrations/sensu/entity-manager/logo.png b/integrations/sensu/entity-manager/logo.png new file mode 100644 index 0000000000000000000000000000000000000000..692ba3412f57f8d798f24546b2b0c00d14ab2d2b GIT binary patch literal 1517 zcmcJP`#aMM9LLu|Q9LcT+!aa4Nhf6HlA7GV_}Ze!nNXQaG`1<$@+ekzN@nD?@su&+ z9CBGA>m(EoQ=7|iX^zWiGjbP_v-3xs=lQ%p@8|W?=kvq+d1v?mZYukA_Cp{L6%Tg= zDD#T{q$nrb7jjW#naN{Zd|V)q+9wCThbhQ-4-RxY52@zqiDhur&l~CLhV{KURGc?0WF3y{oPdsONNcOM%cMpUM z^7e>mRGj_X3JUoL;`tC_{*yd(dZ#3T5Ro{fjiZ(RAs+W6foZFU4sCHyXA6ku;u*9? ztmd2!Z3Fw}{;ELf%GQt)dTU%McuSgga%UmUVn>{2P9nU^siQ;7ZkRfl^(pyu-+Gr# zp=U9}XVJ;26OSrUsv@x?-HK@rD1tV#Xq|7c4hrvMObJ&gkh3u(=27#INZWRh9 zB6ygGE8q^+s%0W)(u{K9VeTk8lo`!i1W}mCsCK-8>L6y+F+gIH7e4Ftz+zj_=7bz% z%_^G?5XjjQc$>Qq{U|d6*aZVvH`z@z3&Qfu2Tl{slu+vyFL_lZ*&xlAOSXwY;zX7q zTZMIyt3`1+zch8cr$!{#B0RHSnl z1WIgu0$1GiSDB^JYns7KCq^*yE@K892LjkBtODya0Yc|J`;>~PKX)<|;3~V?4v~#) z@a31s23$|4ApHALbbY!fhjH0PFzxW`^E?YQ*|w<{RnVMOx8e&_YM&Ai-ttS{zjDv8p7gWH!Y|x5* z6z}({#)#ctpy_dq-N5BNu0_s_30fnzMF|$YOjQhQ_-o5rZ7NdQLwuyyo{w(^pRKg& zQH!A9l`WH?>}5o1m!6j7^Os%2kuR1cuq;tVS)? zMI({@lxEUn^wFFJd*OV0=dH!K=p=+9V|eZS9mJl=_O21)T{XL&r3R{F;tlh$VKKj~t}NvNG^zd->Jjm%Q5|2iRt$1}ZYR1SV>@*F(4G z)4=+|vhwE1wwc{oilk^4}_Vn#+(W#9)Gmo%>sC7E%2zo)xHuQDheg+()L-DCfN|(bc;SMfPjV>n^m!4Qt%7 z*S61Gi<7bDUVk+i+WGv5&pTO*V`W>H*ZB)?w-7QJU{rlW^xCKRVK{+OHtbWnXdEEr zn`OPHMNH}8+&uRk078D|fV7x3@wx*duu!*$;6Bf1=d4u0;Eg~qxB8{cTW8Al^0R(iI<2bfU0Ij99RsZ#=ur%$PS9fi4qLBL&ojXk)8xf594 zYh;tD{vccE=v$-6z2EN}(um&Q$~H=$Kty(i))+_m>d*sDrcbMTguyn!NT67~m}Z&& z<(fyB{gpC5hI1K~FR8(M?Cn{R%k|AO Pvd)Ca8U|5)KJ?zduI}@D literal 0 HcmV?d00001 
diff --git a/integrations/sensu/entity-manager/sensu-integration.yaml b/integrations/sensu/entity-manager/sensu-integration.yaml
new file mode 100644
index 00000000..f1804cef
--- /dev/null
+++ b/integrations/sensu/entity-manager/sensu-integration.yaml
@@ -0,0 +1,58 @@
+---
+api_version: catalog/v1
+type: Integration
+metadata:
+ namespace: sensu
+ name: entity-manager
+spec:
+ class: supported
+ provider: discovery
+ display_name: "Sensu Entity Manager"
+ short_description: "Real-time subscription and entity metadata management (for use with auto-discovery checks)"
+ supported_platforms:
+ - darwin
+ - linux
+ - windows
+ tags:
+ - sensu
+ - discovery
+ - auto discovery
+ - service discovery
+ contributors:
+ - "@sensu"
+ - "@calebhailey"
+ prompts:
+ - type: section
+ title: Secrets Management
+ - type: markdown
+ body: |
+ This integration requires a Sensu API Key that provides write access to the Entities API.
+ - type: question
+ name: secret_provider
+ input:
+ type: string
+ title: Secret Provider
+ enum:
+ - env
+ - vault
+ default: env
+ - type: question
+ name: secret_id
+ input:
+ type: string
+ title: Secret ID
+ description: >-
+ Provide the Secret identifier (i.e. environment variable name, or Vault secret key/path)
+ default: SENSU_ENTITY_MANAGER_API_KEY
+ resource_patches:
+ - resource:
+ api_version: secrets/v1
+ type: Secret
+ name: entity-manager-api-key
+ patches:
+ - path: /spec/provider
+ op: replace
+ value: "[[secret_provider]]"
+ - path: /spec/id
+ op: replace
+ value: "[[secret_id]]"
diff --git a/integrations/sensu/entity-manager/sensu-resources.yaml b/integrations/sensu/entity-manager/sensu-resources.yaml
new file mode 100644
index 00000000..535c7096
--- /dev/null
+++ b/integrations/sensu/entity-manager/sensu-resources.yaml
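Review bot: The markdown prompt under "Secrets Management" says only that the key needs "write access to the Entities API", which gives the operator no guidance on scoping it. The README added in this commit creates a dedicated `entity-manager` role limited to `--verb=update --resource entities`, and the prompt body should point at that, for example `Use an API key for a dedicated service account limited to "update" on entities (see Setup), not an administrator's key.` The `secret_id` default `SENSU_ENTITY_MANAGER_API_KEY` is an environment-variable name, so it only fits the `env` provider. The description could state that a Vault key/path has to be entered when `vault` is selected.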
@@ -0,0 +1,117 @@
+---
+type: Pipeline
+api_version: core/v2
+metadata:
+ name: entity-manager
+ labels:
+ provider: discovery
+spec:
+ workflows:
+ - name: subscription-manager
+ filters:
+ - api_version: core/v2
+ type: EventFilter
+ name: has_subscriptions
+ handler:
+ api_version: core/v2
+ type: Handler
+ name: subscription-manager
+ - name: label-manager
+ filters:
+ - api_version: core/v2
+ type: EventFilter
+ name: has_labels
+ handler:
+ api_version: core/v2
+ type: Handler
+ name: label-manager
+ - name: annotation-manager
+ filters:
+ - api_version: core/v2
+ type: EventFilter
+ name: has_annotations
+ handler:
+ api_version: core/v2
+ type: Handler
+ name: annotation-manager
+
+---
+type: Handler
+api_version: core/v2
+metadata:
+ name: subscription-manager
+spec:
+ type: pipe
+ command: >-
+ sensu-entity-manager
+ --api-url https://${SENSU_API_URL}:8080
+ --add-subscriptions
+ runtime_assets:
+ - sensu/sensu-entity-manager:0.3.0
+ timeout: 5
+ secrets:
+ - name: SENSU_API_KEY
+ secret: entity-manager-api-key
+
+---
+type: Handler
+api_version: core/v2
+metadata:
+ name: label-manager
+spec:
+ type: pipe
+ command: >-
+ sensu-entity-manager
+ --api-url https://${SENSU_API_URL}:8080
+ --add-labels
+ runtime_assets:
+ - sensu/sensu-entity-manager:0.3.0
+ timeout: 5
+ secrets:
+ - name: SENSU_API_KEY
+ secret: entity-manager-api-key
+
+---
+type: Secret
+api_version: secrets/v1
+metadata:
+ name: entity-manager-api-key
+spec:
+ provider: env
+ id: SENSU_ENTITY_MANAGER_API_KEY
+
+---
+type: EventFilter
+api_version: core/v2
+metadata:
+ name: has_subscriptions
+spec:
+ action: allow
+ expressions:
+ - event.check.annotations.discovery == subscriptions
+ - event.check.status == 0
+ - event.check.occurrences == 1
+
+---
+type: EventFilter
+api_version: core/v2
+metadata:
+ name: has_labels
+spec:
+ action: allow
+ expressions:
+ - event.check.annotations.discovery == labels
+ - event.check.status == 0
+ - event.check.occurrences == 1
+
+---
+type: EventFilter
+api_version: core/v2
+metadata:
+ name: has_annotations
+spec:
+ action: allow
+ expressions:
+ - event.check.annotations.discovery == annotations
+ - event.check.status == 0
+ - event.check.occurrences == 1
\ No newline at end of file
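Review bot: The `annotation-manager` workflow in the Pipeline references a Handler named `annotation-manager`, but this file defines only the `subscription-manager` and `label-manager` handlers, so that workflow has no handler to run. A third Handler mirroring the other two is needed; the sketch below assumes the plugin's `--add-annotations` flag, which should be confirmed against the pinned 0.3.0 asset. Separately, the three EventFilter expressions compare against bare words (`== subscriptions`, `== labels`, `== annotations`). Sensu evaluates filter expressions as JavaScript, so these read as undefined identifiers rather than strings and should be quoted, e.g. `event.check.annotations.discovery == "subscriptions"`. These filters gate handlers that hold an entity-update API key, so they should match exactly the events intended.

```yaml
# … unchanged: Pipeline, subscription-manager and label-manager handlers …
---
type: Handler
api_version: core/v2
metadata:
  name: annotation-manager
spec:
  type: pipe
  command: >-
    sensu-entity-manager
    --api-url https://${SENSU_API_URL}:8080
    --add-annotations
  runtime_assets:
    - sensu/sensu-entity-manager:0.3.0
  timeout: 5
  secrets:
    - name: SENSU_API_KEY
      secret: entity-manager-api-key
# … unchanged: Secret and EventFilter resources …
```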